Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | |||
ID de Prueba: | 1.3.6.1.4.1.25623.1.0.891046 |
Categoría: | Debian Local Security Checks |
Título: | Debian LTS: Security Advisory for lucene-solr (DLA-1046-1) |
Resumen: | lucene-solr handler supports an HTTP API (/replication?command=filecontent&file= |
Descripción: | Summary: lucene-solr handler supports an HTTP API (/replication?command=filecontent&file= which is vulnerable to path traversal attack. Specifically, this API does not perform any validation of the user specified file_name parameter. This can allow an attacker to download any file readable to Solr server process even if it is not related to the actual Solr index state. Affected Software/OS: lucene-solr on Debian Linux Solution: For Debian 7 'Wheezy', this problem has been fixed in version 3.6.0+dfsg-1+deb7u2. We recommend that you upgrade your lucene-solr packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N |
Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2017-3163 Debian Security Information: DSA-4124 (Google Search) https://www.debian.org/security/2018/dsa-4124 https://lists.apache.org/thread.html/a6a33a186f293f9f9aecf3bd39c76252bfc49a79de4321dd2a53b488@%3Csolr-user.lucene.apache.org%3E RedHat Security Advisories: RHSA-2018:1447 https://access.redhat.com/errata/RHSA-2018:1447 RedHat Security Advisories: RHSA-2018:1448 https://access.redhat.com/errata/RHSA-2018:1448 RedHat Security Advisories: RHSA-2018:1449 https://access.redhat.com/errata/RHSA-2018:1449 RedHat Security Advisories: RHSA-2018:1450 https://access.redhat.com/errata/RHSA-2018:1450 RedHat Security Advisories: RHSA-2018:1451 https://access.redhat.com/errata/RHSA-2018:1451 |
Copyright | Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net |
Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |